Comment: fixing link

...

import java.util.regex.Pattern;
import java.util.regex.Matcher;
import java.util.HashMap;

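/**
 * Noncompliant example: a caller-supplied regular expression is compiled and
 * run without any sanitization.
 *
 * <p>Usage: {@code Test2 <regex>}
 *
 * <p>Imagine this program searches a database of users for user names that
 * match a regex. The two sample invocations given for it are:
 * <ul>
 *   <li>Non-malicious usage: {@code Test2 John.*}
 *   <li>Malicious usage: {@code (?s)John.*}
 * </ul>
 * The stated concern is that using the regex directly, without sanitization,
 * causes sensitive data to be exposed.
 *
 * <p>NOTE(review): in this listing the pattern is matched against each key of
 * {@code userMap} (a user name) separately; the password values are never
 * handed to the matcher, and the names contain no line terminators because
 * the records were split on {@code "\n"} and {@code ","}. Keeping secrets out
 * of the text given to the matcher is what limits the exposure here. What
 * remains is that the caller fully controls the pattern:
 * {@link Pattern#compile(String, int)} throws an unchecked
 * {@code PatternSyntaxException} on malformed input (not caught below), and
 * the matching cost depends on the supplied expression. Where full regex
 * syntax is not required, restrict the input to an allowed character set or
 * treat it as a literal with {@link Pattern#quote(String)}.
 */
public class Test2
{
    /** One record of the demo user database. */
    public static class User
    {
        // The password is kept as a plain String for the demo and is never read back.
        String name, password;

        /**
         * @param name     user name, also used as the lookup key by the caller
         * @param password the user's password as found in the record
         */
        public User(String name, String password)
        {
            setName(name);
            setPassword(password);
        }

        private void setName(String n) { name = n; }
        private void setPassword(String pw) { password = pw; }

        /** @return the user name given at construction */
        public String getName() { return name; }
    }

    /**
     * Loads the demo records, compiles {@code args[0]} as a regex and prints
     * every match found in each user name.
     *
     * @param args {@code args[0]} is the regular expression; it is untrusted
     *             input and is compiled as given
     */
    public static void main(String[] args)
    {
        if (args.length < 1) {
            System.err.println("Failed to specify a regex");
            return;
        }

        // Represents sensitive data from a file or similar source.
        // Imagine a CSV-style database: user,password
        String sensitiveData = "JohnPaul,HearsGodsVoice\nJohnJackson,OlympicBobsleder\nJohnMayer,MakesBadMusic\n";

        HashMap<String, User> userMap = new HashMap<String, User>();
        for (String csvUser : sensitiveData.split("\n")) {
            String[] csvUserSplit = csvUser.split(",");
            String name = csvUserSplit[0];
            String pw = csvUserSplit[1];
            userMap.put(name, new User(name, pw));
        }

        String regex = args[0];
        int flags = 0;

        System.out.println("Pattern: \'" + regex + "\'");
        // Untrusted pattern compiled as-is: this is the noncompliant step the
        // example illustrates. Flags embedded in the pattern text, such as
        // (?s), take effect even though `flags` is 0.
        Pattern p = Pattern.compile(regex, flags);

        // Only the user names (map keys) are searched; iteration order of a
        // HashMap key set is unspecified, so the output order may vary.
        for (String u : userMap.keySet()) {
            Matcher m = p.matcher(u);
            while (m.find()) {
                System.out.println("Found \'" + m.group() + "\'");
            }
        }
        System.err.println("DONE");
    }
}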

Risk Assessment

| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| IDS18-J | medium | unlikely | high | | |

...

CWE ID 625 Permissive Regular Expressions

[CVE-2005-1949](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1949) Arbitrary command execution in the ePing plugin for the e107 portal due to an overly permissive regular expression used to parse an IP address